The Cybersecurity and Infrastructure Security Agency (CISA) publishes a draft document mandating a vulnerability disclosure policy and a strategy for handling reports of security weaknesses. The US government will require each civilian agency to create a public policy for software-vulnerability disclosure, as well as a strategy for handling any potential security weaknesses reported by researchers.
Rapid7 researchers found holes in CAN bus networks that an attacker could exploit to sabotage its operation. The US Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on newly found vulnerabilities in the controller area network (CAN) bus networks used on small aircraft that could be abused by an
The drones are reportedly built with parts that can compromise organizations’ data and share it on a server accessible to the Chinese government. The US Department of Homeland Security warns Chinese-made drones could be transmitting flight data to manufacturers and, in doing so, make it accessible to the Chinese government. Data security concerns aren’t new
Industry leaders debate how government and businesses can work together on key cybersecurity issues. If money were no object, and you didn’t have to worry about bureaucracy or politics, what would you have your organization do to make a difference in the public-private sector discourse on cybersecurity? How would you improve tactics and techniques? “The
All government domain owners are instructed to take immediate steps to strengthen the security of their DNS servers following a successful hacking campaign. On Jan. 22, US-CERT issued notice of a CISA Emergency Directive on DNS Infrastructure Tampering. The notice was the typically brief CERT notice, but it linked to an Emergency Directive at cyber.dhs.gov